Industrial control systems (ICS) have been required to employ an increasing level of security defense mechanisms as they evolve from closed proprietary systems in the early 1990s to convenient, connected and open systems over the years (now at the advent of cloud and Internet of Things (IoT)). The adopted open systems in the mid-late nineties provided a trend shift for increased convenience, improved connectivity and thus, improved productivity. However, these systems became more vulnerable to exploits due to the widespread knowledge about open system vulnerabilities. To mitigate these concerns, security architectures began mandating perimeter security and security hardened nodes. However, subsequent introduction of virtual platforms and remote access support further required additional security countermeasures to prevent unauthorized accesses and system privilege gains by individuals. Security architectures and solutions thus continue to evolve based on system capabilities and with a common theme to prevent external exploitation of system vulnerabilities.
ICS solution vendors have adopted encrypted and authenticated communications and role based access control to mitigate insider attacks by developing solutions that employed many security principles including least privilege principle, segregation of duties and defense in depth.